Dec 062018

Donnette Beckett and Tony Reid report:

Police say a student undertook a cyber attack on the Mount Zion School District computer network to sabotage a homework assignment, causing the system to crash.

Mount Zion police Lt. Mike Foster said the 18-year-old student launched the attacks using an app on his phone. Foster said the first was Nov. 20 when the district’s computer system went down for about an hour. A second attack occurred on Nov. 26, and this time service was disrupted from 10 a.m. to 2 p.m., he said, and a third and final attack disrupted the system again about 9:15 a.m. Nov. 27.

Read more on Herald & Review.

Dec 052018

A former headteacher has been fined in court for unlawfully obtaining school children’s personal data from previous schools where he worked.

Darren Harrison of Twickenham, obtained the information from two primary schools were he had worked, and uploaded it to his then current school’s server. As he had no lawful reason to process the personal data, he was in breach of data protection legislation.

Six months into his role as Deputy Head at Isleworth Town Primary School, Harrison was suspended. A subsequent IT audit showed large volumes of sensitive personal data present on the Isleworth server from his previous schools, Spelthorne Primary and The Russell Schoolin Richmond.

During the course of the investigation, Harrison provided no valid explanation as to how the information had appeared on his system, which was via an upload from his USB stick, stating he had deleted the personal data from it.

In a subsequent interview with the Information Commissioner’s Office (ICO) Harrison read from a prepared statement advising the information had been taken for professional purposes.

Appearing before Ealing Magistrates’ Court, Harrison admitted two offences of unlawfully obtaining personal data in breach of s55 of the Data Protection Act 1998.

He was fined £700, ordered to pay £364.08 costs and a victim surcharge of £35.

Mike Shaw, the ICO’s Criminal Investigation Group Manager, said:

“Children and their parents or guardians have the right to expect that their personal data is treated with respect and that their legal right to privacy is adhered to.

“A headteacher holds a position of standing in the community and with that position comes the added responsibility to carry out their role beyond reproach.

“The ICO will continue to take action against those who we find have abused their position of trust.”

Source: Information Commissioner’s Office

Nov 302018

Jason Kelly and Megan Cruz report:

A 27-year-old student and a 32-year-old employee at Embry-Riddle Aeronautical University were arrested Thursday after police said they hacked into the school’s computer system.

Investigators said Kevin Scott, a Ph.D. student, and Jeanette Barott, a communications specialist in the College of Engineering, hacked into the university’s computer system to see information they weren’t supposed to.

Read more on WFTV.

Nov 252018

Bill Dolan reports:

The Lake Ridge School Corp. has had another financial setback only weeks after voters declined to provide more tax revenue to the struggling institution.

The school district recently lost a legal battle with a New York bank to recover more than $120,000 stolen two years ago by an offshore computer hacker.

School Superintendent Sharon Johnson-Shirley said this week she still believes Bank of New York Mellon should have reimbursed the school district.

However, U.S. District Court Judge Theresa Springmann dismissed her lawsuit against the bank, ruling earlier this month that the bank cannot be held responsible under its contract with the school corporation.

Read more on NWI Times.

Nov 212018

Martin George reports:

The number of data breaches reported by schools increased by almost a quarter in just two years, new research shows.

Schools in the UK reported 703 data breaches to the Information Commissioner’s Office (ICO) in 2016-17, compared with 571 in 2014-15.

A freedom of information request by accountancy network UHY Hacker Young showed that 674 were reported in 2015-16.

Read more on tes.

It is hard to attempt to draw comparisons to the situation in the U.S. due to the absence of any one centralized agency in the U.S. that requires notifications to it (such as the Information Commissioner’s Office).  By looking within states that have mandatory reporting to the state, we may be able to determine if reports are increasing over years, but getting actual numbers that are likely to be reliable seems to be a bit unlikely still.